Description

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018

{"osvdb": [{"lastseen": "2017-04-28T13:19:56", "bulletinFamily": "software", "description": "## Vulnerability Description\nA local overflow exists in orville-write, a FreeBSD port. The \"huh\" utility is setuid root and fails to validate input resulting in a buffer overflow. With a specially crafted request, an attacker can obtain escalated privileges resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): (1) remove the orville-write port if you have installed it, (2) remove the setuid bit from the huh utility, (3) upgrade your entire ports collection and rebuild the orville-write port, (4) reinstall a new package dated after the correction date, (5) download a new port skeleton, and (6) use the portcheckout utility to automate aforementioned option (5).\n\nExecution of option (2):\n\n#chmod u-s /usr/local/bin/huh\n## Short Description\nA local overflow exists in orville-write, a FreeBSD port. The \"huh\" utility is setuid root and fails to validate input resulting in a buffer overflow. With a specially crafted request, an attacker can obtain escalated privileges resulting in a loss of integrity.\n## References:\nVendor URL: http://www.freebsd.org\n[Vendor Specific Advisory URL](ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc)\nISS X-Force ID: 4242\n[CVE-2000-0235](https://vulners.com/cve/CVE-2000-0235)\nBugtraq ID: 1070\n", "modified": "2000-03-15T00:00:00", "published": "2000-03-15T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:1263", "id": "OSVDB:1263", "title": "FreeBSD orville-write Local Overflow", "type": "osvdb", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}